What roles are there in the LHO app?

LHO currently supports the following roles that grant specific rights in the application:

  • user

    • an Azure AD user can only access the Overview, Reports and Health Alerts features of the application

    • access cost and telemetry data on workspaces based on configured access rights

  • executive

    • all the rights of users, plus access cost and telemetry data on all published workspaces with no access rights restriction

  • admin

    • all the rights of users and executives, plus the ability to configure a Databricks Workspace to be used for analysis by users and executives

  • billing admin

    • all the rights of users, plus the ability to manage consumption data loading and processing

How can I assign LHO roles to users?

(Step 1) Create env variable

To enable roles in the LHO app, set the following environment variable for the app:

  • ADMIN_APP_ROLE = bplm-admin

    • bplm-admin is simply a user-defined role name. The administrator can set any tag to identify the admin role type. This tag is used to define an App Registration role in Active Directory.

    • Warning: if the env variable ADMIN_APP_ROLE is not defined, all regular users effectively work as admin users, with full rights in the LHO app

(Step 2) Create app role

Open Azure Active Directory in Azure Portal → App registrations → search for the client id (see more details at “How do I configure the Azure Active Directory group?”) and open the application → click on App roles → Create app role with the following settings:

  • Display name

    • bplm-admin

  • select Users/Groups

  • Value

    • bplm-admin

    • value must be the same as the value of env variable ADMIN_APP_ROLE

  • Description

    • any meaningful description

(Step 3) Assign users to App role

From the above step, click on Overview in the opened application page.

If the page from (Step 2) was closed, open Azure Active Directory in Azure Portal → App registrations → search for the client id (see more details at “How do I configure the Azure Active Directory group?”) and open the application.

Click on the link for Managed application in local directory; the link text is the App name. This will open the Enterprise Application view.

Select the Users and groups tab, then click Add User/Group.
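
As an added example (not part of the LHO documentation or product code), this preflight check compares ADMIN_APP_ROLE with the appRoles section of the app registration manifest and flags the case from the warning in (Step 1), where an undefined variable leaves every user with admin rights. The manifest snippet, the placeholder id and the function name are constructed for illustration; treating an empty value as undefined is an assumption.

```python
import json

# Constructed sample: the appRoles section of an app registration manifest
# as it would look after (Step 2). The id is a placeholder GUID.
SAMPLE_MANIFEST = json.loads("""
{
  "appRoles": [
    {
      "allowedMemberTypes": ["User"],
      "description": "LHO administrators",
      "displayName": "bplm-admin",
      "id": "00000000-0000-0000-0000-000000000001",
      "isEnabled": true,
      "value": "bplm-admin"
    }
  ]
}
""")


def check_admin_role(env, manifest):
    """Return a list of problems; an empty list means the setup is consistent."""
    # Assumption: an empty or whitespace-only value is treated like an unset one.
    role = (env.get("ADMIN_APP_ROLE") or "").strip()
    if not role:
        # Per the warning in (Step 1): without this variable every user acts as admin.
        return ["ADMIN_APP_ROLE is not set: all regular users get admin rights"]

    problems = []
    roles = manifest.get("appRoles", [])
    matches = [r for r in roles if r.get("value") == role]
    if not matches:
        # Point out near-misses such as a different letter case.
        near = [r.get("value") for r in roles
                if (r.get("value") or "").strip().lower() == role.lower()]
        hint = f" (closest: {near[0]!r})" if near else ""
        problems.append(f"no app role with Value {role!r}{hint}")
    for r in matches:
        if not r.get("isEnabled", False):
            problems.append(f"app role {role!r} is disabled")
        if "User" not in r.get("allowedMemberTypes", []):
            problems.append(f"app role {role!r} cannot be assigned to users/groups")
    return problems


if __name__ == "__main__":
    import os
    for line in check_admin_role(os.environ, SAMPLE_MANIFEST) or ["OK"]:
        print(line)
```
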

...


Managed Identities

Managed Identities Types

...